** Summary changed:

- Backport unprivileged fscaps to xenial 4.4
+ Backport namespaced fscaps to xenial 4.4

** Description changed:

  SRU Justification

- Impact: Support for using filesystem capabilities was added upstream in
- Linux 4.14. This is a useful feature that allows unprivileged containers
- to set fscaps that are valid only in user namespaces where a specific
- kuid is mapped to root. This allows for e.g. support for Linux distros
- within lxd which make use of filesystem capabilities.
+ Impact: Support for using filesystem capabilities in unprivileged user
+ namespaces was added upstream in Linux 4.14. This is a useful feature
+ that allows unprivileged containers to set fscaps that are valid only in
+ user namespaces where a specific kuid is mapped to root. This allows for
+ e.g. support for Linux distros within lxd which make use of filesystem
+ capabilities.

  Fix: Backport upstream commit 8db6c34f1dbc "Introduce v3 namespaced file
  capabilities" and any subsequent fixes to xenial 4.4.

  Test Case: Test use of fscaps within a lxd container.

  Regression Potential: This has been upstream since 4.14 (and thus is
  present in bionic), and the backport to xenial 4.4 was not difficult, so
  regression potential is low.

** Description changed:

  SRU Justification

  Impact: Support for using filesystem capabilities in unprivileged user
  namespaces was added upstream in Linux 4.14. This is a useful feature
  that allows unprivileged containers to set fscaps that are valid only in
  user namespaces where a specific kuid is mapped to root. This allows for
  e.g. support for Linux distros within lxd which make use of filesystem
  capabilities.

  Fix: Backport upstream commit 8db6c34f1dbc "Introduce v3 namespaced file
  capabilities" and any subsequent fixes to xenial 4.4.

  Test Case: Test use of fscaps within a lxd container.

  Regression Potential: This has been upstream since 4.14 (and thus is
- present in bionic), and the backport to xenial 4.4 was not difficult, so
- regression potential is low.
+ present in bionic), and the backport to xenial 4.4 was straightforward,
+ so regression potential is low.

-- 
https://bugs.launchpad.net/bugs/1778286

Title:
  Backport namespaced fscaps to xenial 4.4
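
The v3 format named in the Fix line adds a root user ID to the `security.capability` xattr, which is what ties a file's capabilities to one user namespace. The following added example (not part of the bug report or the kernel patch) decodes the v1/v2/v3 on-disk layouts using the constants from `linux/capability.h`, so an auditor can tell namespaced fscaps from host-wide ones; the sample blobs and the rootid value 100000 are constructed.

```python
import struct

# Constants from the Linux UAPI header linux/capability.h
VFS_CAP_REVISION_MASK = 0xFF000000
VFS_CAP_FLAGS_EFFECTIVE = 0x000001
VFS_CAP_REVISION_1 = 0x01000000
VFS_CAP_REVISION_2 = 0x02000000
VFS_CAP_REVISION_3 = 0x03000000   # struct vfs_ns_cap_data: v2 layout + rootid

# revision -> (xattr size in bytes, permitted/inheritable pairs, has rootid)
LAYOUTS = {
    VFS_CAP_REVISION_1: (12, 1, False),
    VFS_CAP_REVISION_2: (20, 2, False),
    VFS_CAP_REVISION_3: (24, 2, True),
}

def parse_fscap(blob):
    """Decode a raw security.capability xattr value (all fields little-endian)."""
    if len(blob) < 4:
        raise ValueError("xattr too short to hold magic_etc")
    (magic_etc,) = struct.unpack_from("<I", blob, 0)
    rev = magic_etc & VFS_CAP_REVISION_MASK
    if rev not in LAYOUTS:
        raise ValueError("unknown fscap revision 0x%08x" % rev)
    size, pairs, has_rootid = LAYOUTS[rev]
    if len(blob) != size:
        raise ValueError("revision/size mismatch: got %d, want %d" % (len(blob), size))
    permitted = inheritable = 0
    for i in range(pairs):
        p, inh = struct.unpack_from("<II", blob, 4 + 8 * i)
        permitted |= p << (32 * i)
        inheritable |= inh << (32 * i)
    rootid = struct.unpack_from("<I", blob, size - 4)[0] if has_rootid else None
    return {
        "revision": rev >> 24,
        "effective": bool(magic_etc & VFS_CAP_FLAGS_EFFECTIVE),
        "permitted": permitted,
        "inheritable": inheritable,
        "rootid": rootid,          # None means the caps are not namespaced
    }

# Constructed samples: v2 with CAP_NET_RAW (bit 13), v3 with
# CAP_NET_BIND_SERVICE (bit 10) bound to a namespace root of uid 100000.
SAMPLE_V2 = struct.pack("<IIIII", VFS_CAP_REVISION_2 | 1, 1 << 13, 0, 0, 0)
SAMPLE_V3 = struct.pack("<IIIIII", VFS_CAP_REVISION_3 | 1, 1 << 10, 0, 0, 0, 100000)

if __name__ == "__main__":
    # On a live system the blob comes from os.getxattr(path, "security.capability").
    for name, blob in (("v2", SAMPLE_V2), ("v3", SAMPLE_V3)):
        print(name, parse_fscap(blob))
```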